Vulnerabilities > Freeradius > Freeradius > 2.0.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-07-17 | CVE-2017-10979 | Out-of-bounds Write vulnerability in Freeradius An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows "Write overflow in rad_coalesce()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code. | 7.5 |
2017-07-17 | CVE-2017-10978 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service. | 5.0 |
2014-11-02 | CVE-2014-2015 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Freeradius Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash. | 7.5 |
2013-03-12 | CVE-2011-4966 | Credentials Management vulnerability in Freeradius modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password. | 6.0 |
2008-10-07 | CVE-2008-4474 | Link Following vulnerability in Freeradius 2.0.4 freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files in (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, and (5) truncate_radacct. | 7.2 |